"President Obama’s pick to head the Consumer Financial Protection Bureau [“CFPB”] got a firsthand taste of the effects of the government sequester while trying to get to his confirmation hearing Tuesday. Richard Cordray... had to wait outside in the rain in a long line that wrapped around the corner of the Dirksen Senate office building to get into his 10 a.m. hearing before the Senate Banking Committee. Citing the budget cuts from the automatic sequester cuts, the Capitol Police have shut down several entrances to the congressional office building, resulting in longer waits at the doors and security checkpoints that are open." Washington Times March 12, 2013.
The Business Lawyer, published by the American Bar Association’s Business Law Section, in its annual survey of Consumer Financial Services devotes 71 pages of single-spaced, heavily footnoted text to the first year of the CFPB. The CFPB’s activities resemble nothing more than a whirling regulatory dervish. It has jurisdiction over banks and credit unions with assets over $10 billion, over all mortgage companies, payday lenders and private education lenders (student loans). It also has jurisdiction over larger participants in consumer financial products or services. It has issued a number of final rules, a study on private student lending (just followed up in May with another report on private student loans), and a report on the three largest credit reporting agencies. It is currently studying arbitration in consumer services (an area of law protected by the U.S. Supreme Court in recent years).
CFPB has engaged in significant regulatory action in residential mortgage lending, through its RESPA, TILA and HOEPA jurisdiction. It will shortly issue new regulations on “ability to repay” and “qualified mortgage” standards. It is also preparing to regulate all residential mortgage servicers, with some indication that smaller servicers may be exempt. It has also taken enforcement action against some of the same banks and credit card companies that Attorney General King recently sued in New Mexico state court over sale of payment protection plans. It has issued rules on credit reporting services. It maintains an active complaint response program, and a cursory look at CFPB’s website shows that it encourages complaints.
For most New Mexico banks the main compliance issues will arise in the area of residential mortgage operations. New and enhanced disclosures will cause compliance headaches without any easy cure-all. If Mr. Cordray is not confirmed, he risks ouster from his directorship under recent federal court cases which held that similar “recess” appointments of NLRB commissioner were void. Unlike the NLRB rule making, Cordray’s ouster will not invalidate CFPB regulations or actions.
A significant and long running case involving wire transfers and internet banking has finally come to a close after more than four years of intense litigation. As you know, wire transfers and internet banking is under Article 4A of the Uniform Commercial Code. In Patco Construction Co., Inc. v. People’s United Bank, Patco suffered a loss or more than $500,000 through a fraudulent hacking scheme. Patco, a Maine company, used the bank’s internet banking system primarily for payroll. In 2009 hackers drained funds from Patco’s payroll account on a daily basis over a substantial period of days. The system vendor warned by its usual signals that these transactions might be fraudulent. No monitoring occured. The bank had instituted a system that essentially complied with federal guidelines with challenge questions and similar protections. However, the “trigger” for the challenge questions was set at $1.00. This low trigger enabled the hackers to have almost unlimited shots at deciphering the challenge questions. At trial in the U.S. District Court, the judge found all the bank’s protections “commercially reasonable”—the Article 4A standard for bank freedom from liability. On appeal, the U.S. Court of Appeals reversed and found in favor of Patco. The Court found that the low trigger, failure to change challenge questions frequently and lack of monitoring not “commercially reasonable” and sent the case back for re-trial. Patco, which had sought attorney fees and damages above the $500,000 actual loss then settled with the bank, based on the Court of Appeals statements that Patco may have been partially at fault for not monitoring its own accounts.
One clear lesson stands out from Patco: the Court of Appeals criticized the bank for having a “one size fits all” security system. In other words, banks should have much more sophisticated and complex security for large depositors with significant flows of funds. Otherwise, in the age of genius hackers, a bank risks an adverse outcome and as anyone who has experienced large scale hacking, a lot of money can leave very quickly.
As an aside, I had to go to the Southeast part of the State last week. For those suffering the malaise of the Albuquerque and Santa Fe recovery, a trip to Roswell, Artesia and that area is a real eye opener. Roswell now has at least four new large chain hotel-motels on the border of N.M.M.I. Committed to progress Roswell has a prominent natural gas refueling station which resembles a small filling station. Artesia is booming and housing is in short supply. One prominent banker in Artesia said there were many jobs (not just oil field) vacant and unfilled in the market area. A new apartment is being built, the first in many years. Albuquerque and Santa Fe ignore this part of the state, and do so at their peril.
Have a good day and do good.
Marshall G. Martin
Comeau Maldegen Templeman & Indall
Cell: 505-228-8506
Office: 505-982-4611
The Business Lawyer, published by the American Bar Association’s Business Law Section, in its annual survey of Consumer Financial Services devotes 71 pages of single-spaced, heavily footnoted text to the first year of the CFPB. The CFPB’s activities resemble nothing more than a whirling regulatory dervish. It has jurisdiction over banks and credit unions with assets over $10 billion, over all mortgage companies, payday lenders and private education lenders (student loans). It also has jurisdiction over larger participants in consumer financial products or services. It has issued a number of final rules, a study on private student lending (just followed up in May with another report on private student loans), and a report on the three largest credit reporting agencies. It is currently studying arbitration in consumer services (an area of law protected by the U.S. Supreme Court in recent years).
CFPB has engaged in significant regulatory action in residential mortgage lending, through its RESPA, TILA and HOEPA jurisdiction. It will shortly issue new regulations on “ability to repay” and “qualified mortgage” standards. It is also preparing to regulate all residential mortgage servicers, with some indication that smaller servicers may be exempt. It has also taken enforcement action against some of the same banks and credit card companies that Attorney General King recently sued in New Mexico state court over sale of payment protection plans. It has issued rules on credit reporting services. It maintains an active complaint response program, and a cursory look at CFPB’s website shows that it encourages complaints.
For most New Mexico banks the main compliance issues will arise in the area of residential mortgage operations. New and enhanced disclosures will cause compliance headaches without any easy cure-all. If Mr. Cordray is not confirmed, he risks ouster from his directorship under recent federal court cases which held that similar “recess” appointments of NLRB commissioner were void. Unlike the NLRB rule making, Cordray’s ouster will not invalidate CFPB regulations or actions.
A significant and long running case involving wire transfers and internet banking has finally come to a close after more than four years of intense litigation. As you know, wire transfers and internet banking is under Article 4A of the Uniform Commercial Code. In Patco Construction Co., Inc. v. People’s United Bank, Patco suffered a loss or more than $500,000 through a fraudulent hacking scheme. Patco, a Maine company, used the bank’s internet banking system primarily for payroll. In 2009 hackers drained funds from Patco’s payroll account on a daily basis over a substantial period of days. The system vendor warned by its usual signals that these transactions might be fraudulent. No monitoring occured. The bank had instituted a system that essentially complied with federal guidelines with challenge questions and similar protections. However, the “trigger” for the challenge questions was set at $1.00. This low trigger enabled the hackers to have almost unlimited shots at deciphering the challenge questions. At trial in the U.S. District Court, the judge found all the bank’s protections “commercially reasonable”—the Article 4A standard for bank freedom from liability. On appeal, the U.S. Court of Appeals reversed and found in favor of Patco. The Court found that the low trigger, failure to change challenge questions frequently and lack of monitoring not “commercially reasonable” and sent the case back for re-trial. Patco, which had sought attorney fees and damages above the $500,000 actual loss then settled with the bank, based on the Court of Appeals statements that Patco may have been partially at fault for not monitoring its own accounts.
One clear lesson stands out from Patco: the Court of Appeals criticized the bank for having a “one size fits all” security system. In other words, banks should have much more sophisticated and complex security for large depositors with significant flows of funds. Otherwise, in the age of genius hackers, a bank risks an adverse outcome and as anyone who has experienced large scale hacking, a lot of money can leave very quickly.
As an aside, I had to go to the Southeast part of the State last week. For those suffering the malaise of the Albuquerque and Santa Fe recovery, a trip to Roswell, Artesia and that area is a real eye opener. Roswell now has at least four new large chain hotel-motels on the border of N.M.M.I. Committed to progress Roswell has a prominent natural gas refueling station which resembles a small filling station. Artesia is booming and housing is in short supply. One prominent banker in Artesia said there were many jobs (not just oil field) vacant and unfilled in the market area. A new apartment is being built, the first in many years. Albuquerque and Santa Fe ignore this part of the state, and do so at their peril.
Have a good day and do good.
Marshall G. Martin
Comeau Maldegen Templeman & Indall
Cell: 505-228-8506
Office: 505-982-4611
No comments:
Post a Comment